joshdonnell/radar
=================

A lightweight dependency health dashboard for Laravel applications

- Version: v0.0.1 (1mo ago)
- License: MIT
- Language: PHP (requires PHP ^8.3)
- CI: passing
- Open pull requests: [2 PRs](https://github.com/joshdonnell/radar/pulls)
- [Source](https://github.com/joshdonnell/radar), [Packagist](https://packagist.org/packages/joshdonnell/radar)

Laravel Radar
=============

Introduction
------------

**Laravel Radar** is a lightweight dependency health dashboard and notifier for Laravel applications.

Radar scans Composer and NPM dependencies, stores a snapshot, and highlights:

- vulnerable packages
- outdated direct dependencies
- abandoned Composer packages
- practical, conservative next steps

Radar is intentionally read-only. It reports dependency health and suggests commands, but it does **not** update dependencies, edit lock files, commit changes, or deploy code for you.

 [![Laravel Radar dashboard screenshot](art/dashboard.png)](art/dashboard.png)

Requirements
------------

- PHP 8.3+
- Laravel 12 or 13
- Composer
- Node/NPM available when scanning JavaScript dependencies

Installation
------------

Install Radar with Composer:

```
composer require joshdonnell/radar
```

Publish Radar's config file, migration, and dashboard assets:

```
php artisan radar:install
```

Run the migration:

```
php artisan migrate
```

Usage
-----

Run a dependency scan:

```
php artisan radar:scan
```

Open the dashboard at:

```
/radar
```

The dashboard path can be changed with:

```
RADAR_PATH=internal/radar
```

Radar's dashboard is enabled outside production by default and disabled in production by default. Production applications can still run scans and send notifications. Only enable the dashboard in production when it is protected by trusted authentication and authorization.

```
RADAR_DASHBOARD_ENABLED=true
```

Commands
--------

Radar currently ships these Artisan commands:

```
php artisan radar:scan
php artisan radar:notify
php artisan radar:clear
```

### `radar:scan`

Scans application dependencies and stores a Radar snapshot.

```
php artisan radar:scan
```

Scan a different project path:

```
php artisan radar:scan --path=/path/to/app
```

Use CI mode in a pipeline after installing dependencies:

```
php artisan radar:scan --ci --severity=high
```

The `--ci` flag makes `radar:scan` return a failing status when vulnerabilities meet the configured severity threshold. Your CI provider does not need special handling. It only needs to run the command and respect the exit code.

Set `--severity` to `low`, `medium`, `high`, or `critical`. Radar returns `1` when a vulnerability is at or above that threshold, `0` when none are, and `2` when the CI options or scan path are invalid.
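
A pipeline wrapper built on the exit codes above, as an added example that is not part of the Radar project: it keeps "vulnerabilities found" (1) distinct from "scan did not run" (2) and fails closed on any other status. `radar_gate` and the `RADAR_SCAN_CMD` override are hypothetical names used only here.

```shell
#!/bin/sh
# Added example (not from the Radar project): gate a pipeline step on the
# documented `radar:scan --ci` exit codes:
#   0 = nothing at or above the threshold
#   1 = a vulnerability at or above the threshold
#   2 = invalid CI options or scan path
# RADAR_SCAN_CMD is a hypothetical override so the wrapper can be exercised
# without a Laravel app; by default the documented command is run.

radar_gate() {
    severity=${1:-high}

    # Reject thresholds Radar does not document before invoking it.
    case "$severity" in
        low|medium|high|critical) ;;
        *) echo "radar-gate: unsupported severity '$severity'" >&2
           return 2 ;;
    esac

    status=0
    ${RADAR_SCAN_CMD:-php artisan radar:scan} --ci --severity="$severity" || status=$?

    case "$status" in
        0) echo "radar-gate: no findings at or above $severity" ;;
        1) echo "radar-gate: findings at or above $severity, blocking" >&2 ;;
        2) echo "radar-gate: scan did not run (invalid CI options or path)" >&2 ;;
        *) # Crash, timeout or signal: never report this as a clean scan.
           echo "radar-gate: unexpected exit status $status, failing closed" >&2
           status=3 ;;
    esac
    return "$status"
}

# In a pipeline step, after dependencies are installed:
#   radar_gate high || exit $?
```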

### `radar:notify`

Sends deduplicated vulnerability notifications for the latest stored scan.

```
php artisan radar:notify
```

Run a fresh scan before notifying:

```
php artisan radar:notify --scan
```

Notifications are only sent when vulnerabilities exist and at least one notification route is configured.

### `radar:clear`

Clears stored Radar scan history.

```
php artisan radar:clear
```

Skip the confirmation prompt:

```
php artisan radar:clear --force
```

Dashboard
---------

The dashboard shows the latest stored scan, including:

- health score
- latest scan time
- Composer and NPM package inventory
- vulnerability findings
- outdated direct dependency findings
- abandoned Composer package findings
- suggested safe commands or review steps where Radar can infer them

Notifications
-------------

Radar uses Laravel Notifications. Your application still owns the normal mail and Slack transport configuration; Radar only stores the on-demand notification routes it should target.

Configure mail recipients:

```
RADAR_NOTIFICATION_MAIL_TO=security@example.com,dev@example.com
```

Configure Slack:

```
RADAR_NOTIFICATION_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...
```

Send notifications manually:

```
php artisan radar:notify
```

Or scan first, then notify:

```
php artisan radar:notify --scan
```

Repeated notifications for the same vulnerability finding set are deduplicated for the configured TTL:

```
RADAR_NOTIFICATION_DEDUPE_TTL=86400
```
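
What deduplicating a "finding set" for a TTL means in practice, as an added sketch that is not Radar's own code: the same findings in any order stay quiet inside the TTL, while a new finding or an expired TTL sends again. The fingerprint scheme, the state-file format and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not Radar's implementation): suppress repeat alerts for an
# unchanged finding set inside a TTL. Fingerprint scheme and state file are
# assumptions for this sketch.

sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum
    else shasum -a 256; fi | cut -d' ' -f1
}

# Order-independent fingerprint: one finding ID per argument.
finding_fingerprint() {
    printf '%s\n' "$@" | LC_ALL=C sort -u | sha256_hex
}

# should_notify STATE_FILE TTL_SECONDS NOW_EPOCH FINDING...
# Returns 0 (send, and record the set) or 1 (suppress).
should_notify() {
    state=$1; ttl=$2; now=$3
    shift 3
    [ "$#" -gt 0 ] || return 1      # no vulnerabilities: nothing to send

    fp=$(finding_fingerprint "$@")
    last_fp=''; last_ts=''
    if [ -f "$state" ]; then
        read -r last_fp last_ts < "$state" || true
    fi
    # Treat a missing or corrupt timestamp as "never sent".
    case "$last_ts" in ''|*[!0-9]*) last_ts=0; last_fp='' ;; esac

    if [ "$fp" = "$last_fp" ] && [ $(( $now - $last_ts )) -lt "$ttl" ]; then
        return 1                    # same set, still inside the TTL
    fi
    printf '%s %s\n' "$fp" "$now" > "$state"
    return 0
}
```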

Scheduling
----------

Radar preconfigures a nightly scheduled `radar:notify --scan` run at `02:00`, so each notification run starts with a fresh scan.

Your application still needs Laravel's scheduler running in production, usually via a cron entry that runs `php artisan schedule:run` every minute.

Customize or disable Radar's built-in schedule:

```
RADAR_NOTIFICATION_SCHEDULE_ENABLED=true
RADAR_NOTIFICATION_SCHEDULE_TIME=02:00
RADAR_NOTIFICATION_SCHEDULE_TIMEZONE=Europe/London
```

Authorization
-------------

Radar checks the configured gate outside local environments before serving the dashboard.

Define the gate in your application, for example:

```
use Illuminate\Support\Facades\Gate;

Gate::define('viewRadar', fn ($user = null): bool => $user?->is_admin === true);
```

If you publish the config, you can change the gate name by editing the `authorization.gate` value in `config/radar.php`.

Configuration
-------------

Publish the configuration file with:

```
php artisan vendor:publish --tag="radar-config"
```

Useful environment variables:

```
RADAR_ENABLED=true
RADAR_PATH=radar
RADAR_DASHBOARD_ENABLED=false
RADAR_DB_CONNECTION=sqlite
RADAR_PRUNE_DAYS=30
RADAR_COMMAND_TIMEOUT=60
RADAR_NOTIFICATION_MAIL_TO=security@example.com
RADAR_NOTIFICATION_SLACK_WEBHOOK_URL=
RADAR_NOTIFICATION_DEDUPE_TTL=86400
RADAR_NOTIFICATION_SCHEDULE_ENABLED=true
RADAR_NOTIFICATION_SCHEDULE_TIME=02:00
RADAR_NOTIFICATION_SCHEDULE_TIMEZONE=
```

See [the configuration documentation](docs/configuration.md) for the full config reference.

Dependency sources
------------------

Radar reads dependency information from package manager files and installed package metadata.

Composer support includes:

- package inventory from `composer.lock`
- fallback inventory from `vendor/composer/installed.json`
- vulnerability findings from `composer audit --format=json`
- outdated direct dependencies from Composer's outdated output
- abandoned package metadata from Composer package data

NPM support includes:

- package inventory from `package-lock.json`
- fallback direct package inventory from `node_modules/*/package.json`
- vulnerability findings from `npm audit --json`
- outdated direct dependencies from NPM's outdated output

Supported Node runners
----------------------

Radar detects the JavaScript package manager from the project lock file and uses that runner when suggesting safe NPM update commands.

| Lock file | Runner | Example recommendation |
| --- | --- | --- |
| `package-lock.json` | npm | `npm update vite` |
| `npm-shrinkwrap.json` | npm | `npm update vite` |
| `yarn.lock` | Yarn | `yarn up vite` |
| `pnpm-lock.yaml` | pnpm | `pnpm update vite` |
| `bun.lock` | Bun | `bun update vite` |
| `bun.lockb` | Bun | `bun update vite` |

If no known lock file exists, Radar falls back to npm.

Testing
-------

Run the PHP checks:

```
composer test
```

Run frontend checks while working on dashboard assets:

```
npm run test:lint
npm run test:types
npm run build
```

License
-------

Laravel Radar is open-sourced software licensed under the [MIT license](LICENSE.md).

### Health Score

41 (Fair), better than 87% of packages

- Maintenance: 96. Actively maintained with recent releases
- Popularity: 7. Limited adoption so far
- Community: 8. Small or concentrated contributor base
- Maturity: 45. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 89.8% of commits, a single point of failure

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 34d ago

### Community

- Maintainers: joshdonnell
- Top Contributors: joshdonnell (44 commits), dependabot[bot] (5 commits)
- Tags: laravel, dependencies, cve, radar

### Code Quality

- Tests: Pest
- Static Analysis: PHPStan, Rector
- Code Style: Laravel Pint

